From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com [209.85.212.169]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 80EDC200370 for ; Thu, 15 Mar 2012 11:19:40 -0700 (PDT) Received: by wibhm17 with SMTP id hm17so8013269wib.4 for ; Thu, 15 Mar 2012 11:19:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=SRGXJ11sPkpX8xrZS3btFWXfyyJJDhP8/f3jGHAzeE4=; b=nVMcW4GNAynYq0kOdnxldIDZ3YHtMvmqwh3PDvYLF+XGKCU95N/QCZcfysrGD2E/w0 45+f/IrQY2y9PSZb+pHRdgF8stme2/MMvS3qKMHqYc1nSkHbhQmSnEGIThXuVLW1/dlV neXnwqKKMz20FVtYLvnTEYAb8nveRi/q6ywBkJIzmToJeC8McAXbZhvvvJniIja1/VX2 sCw8JZgy7yAOrmoZCxPYp+qoI7ipRcUkJ0zlltBSRRLzq0uaLi0QQCcrQ6tzkHWBRvet +JUeXF1BWmQiz6KOPTK6OKlk2cm8ke8bANfq4s2fTyGSI1YThZ94hvSRki6+cxRBUPr/ B5lQ== MIME-Version: 1.0 Received: by 10.180.91.10 with SMTP id ca10mr28615693wib.17.1331835578220; Thu, 15 Mar 2012 11:19:38 -0700 (PDT) Received: by 10.223.151.8 with HTTP; Thu, 15 Mar 2012 11:19:38 -0700 (PDT) In-Reply-To: References: Date: Thu, 15 Mar 2012 11:19:38 -0700 Message-ID: From: Dave Taht To: Ketan Kulkarni Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] dns failures on cerowrt X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2012 18:19:40 -0000 I hope you don't mind, but I prefer to always answer questions like these publicly. On Thu, Mar 15, 2012 at 10:55 AM, Ketan Kulkarni wrote= : > Hi Dave, > I bought wndr3800 and now setting up the cerowrt on it. Yea! > I am getting few issues in setting up dns server. > Observation: nslookup from my laptop through cerowrt fails > > Thanks jg for many dns related pointers - still I must have missed someth= ing > to get it working. > > Few things I tried (few of them really dumb) - > 1. Time and zone is properly set on cerowrt box > 2. Restarted namedprep and named everytime At one level I'm glad we're exposing potential problems with getting dnssec deployed more widely. At another level, it frustrates me. > 3. Also tried modifying > dnssec-validation auto to off; > dnssec-lookaside auto to off; and then restarting named but it didnt help > either. To debug these sorts of problems I usually use a command to continuously read the syslog openwrt# logread -f & and then watch stuff like 'killing off the dns server and restarting' go. # killall named # nslookup ::1 # should return localhost after named restarts # rndc validation disable # is a command you can issue to turn off validati= on # host www.lwn.net # repeat a few times # your clock should slew inside of about # Here are the potential problems. 0) Are you on a real ip address or behind levels of nat? 1) If you are behind someone elses firewall, it may be that you cannot get dns through it. In many locations dns packets are blocked, and dns is only available from the local dns server. 2) in some locations dns access to the roots is blocked 3) in some places the local dns server is too lame to recurse properly or handle ipv6 4) in others NTP is blocked > > 4. Added my lan subnet entry in "acls.local.conf" - in vain. It is a good idea that you do so. > 5. added my dns servers in forwarders.conf That should have worked, unless your dns servers were lame. Did you try 8.8.8.8 as a forwarder? > If I configure any open dns server like 8.8.8.8; everything works properl= y > (as expected). > > Waited to catch you - but its almost midnight here - so thought to put it= in > the mail I went to bed early last night (flu), and woke up late (more flu) > > Appreciate your help. > > Thanks, > Ketan > > p.s. firmware is cerowrt-3.3rc7.2 --=20 Dave T=E4ht SKYPE: davetaht US Tel: 1-239-829-5608 http://www.bufferbloat.net